Posted
by
msmash
on Friday April 20, 2018 @02:40PM
from the revisiting-time dept.

Everyone from Uber to PayPal is facing a backlash against their impenetrable legalese. From a report: Personal finance forums online are brimming with complaints from hundreds of PayPal customers who say they've been suspended because they signed up before age 18. PayPal declined to comment on any specific cases, but says it's appropriate to close accounts created by underage people "to ensure our customers have full legal capacity to accept our user agreement." While that may seem "heavy-handed," says Sarah Kenshall, a technology attorney with law firm Burges Salmon, the company is within its rights because the users clicked to agree to the rules -- however difficult the language might be to understand.

Websites have long required users to plow through pages of dense legalese to use their services, knowing that few ever give the documents more than a cursory glance. In 2005 security-software provider PC Pitstop LLC promised a $1,000 prize to the first user to spot the offer deep in its terms and conditions; it took four months before the reward was claimed. The incomprehensibility of user agreements is poised to change as tech giants such as Uber Technologies and Facebook confront pushback for mishandling user information, and the European Union prepares to implement new privacy rules called the General Data Protection Regulation, or GDPR. The measure underscores "the requirement for clear and plain language when explaining consent," British Information Commissioner Elizabeth Denham wrote on her blog last year.

i havent had paypal since i last closed facebook before i closed the new attempt last month after a month and 400 people of crud nature giving me the impression that my every move was being watched, despite the fact that all my profiles, links and contact info was on there, the only people im still in touch with now are those i was in touch with before... as paypal... they simply ignored my mails, my calls, my everything and then i got some thing like "give us the exact date on which you opened your accou

i have to correct myself on that, same day evening i checked and it seems the few euros were back in there, no one simply had replied to the support ticket... something like RTFM i suppose, which is far better than what i got from paypal since they never gave me access to my account, not the first time, but definitely the last there

A crude measure of whether a piece of text is easy to read is something like the Flesch-Kinkaid reading ease metric which does simple measurements of average sentence length and average word length, assuming that longer words in longer sentences are more difficult to read. It kind-a-sort-a works.

A better idea would be to require users to pass a reading test made from the EULA text itself. The two most accurate I know of are the Open Cloze test, where every 7th word is left blank and users have to write/type

I think the idea is that if your users have to understand the T&C to sign up, then you have to make your T&C understandable or you wind up with no signups. The problem of course is that if you control both the T&C and the test, then the test may not really be proof of understanding.

This is why the 'just read it' rhetoric doesn't quite work. EULAs are written for a very specific audience with specialized knowledge. Even if a layman understands the sentences themselves, they are not generally going to be able to put them into the proper context of the rest of the legal framework.
They half depend on people not reading them, and half depend on the professional arrogance of people reading them and believing that since they are smart computery type people working in the one and only field that requires specialized knowledge, so they understand legal documents just as well as people who actually have that domain knowledge.

I recently took a look at the terms for Thinkific (an online education platform; I wanted to see if they claimed any ownership over the materials posted), and was pleasantly surprised by the "which means" sidebar breaking down the legalese. https://www.thinkific.com/resources/terms-of-service/ [thinkific.com]

On the other hand, I wonder if slimy companies could word things in such a way as to gloss over slimy sections in the legalese.

Actually most EULA's juts boil down to "You agree to use this at your own risk, will not sue us if you don't like something it does (especially if it's something some otehr user does/says) and we will ban you if you are more trouble than you are worth".

It really isn't that complicated conceptually, and the origins are mostly in trying not to get sued because the end user does something like delete an important file using a command designed to delete files and then sue the people who wrote their file manager

As some of the stuff in the EULA you need to be an lawyer to under stand what they are talking about.

That reminds me of one of my favorite episodes of Boston Legal. The law firm is representing someone against a Credit Card company (similar impenetrable legalese in their contracts), and Jerry Espensen, the character who is supposedly a brilliant legal mind, but who also is incredibly awkward socially and also doesn't talk much due to his Aspberger's, suddenly pipes up and says:

"I have JD and an MBA from Harvard and even *I* can't make heads nor tails of this deception and fraud!"

I'd say any contract that you can't prove >10% of your users actually understand, is null and void.

All a sudden, you have TONS of easily-readable contracts and incentive for users to read them.

It's like a kind of classism. Where the smartest lawyers (with insider legal knowledge) prey upon the average intelligence with no access to legal resources and experience. You know they don't understand it and you're absolutely going to benefit from it.

That's the claim, but it's bunk. A contract is supposed to represent a meeting of minds, an agreement between two entities. If one of those minds can't even understand it, there is no meeting of minds. A sane court system would void any such thing on sight. Especially the ones so bad even lawyers are befuddled when reading them.

As for ambiguity, I have NEVER heard a lawyer state anything in absolute terms when it comes to contracts. It's always probably this and most likely that.

It's like astro-physics, which seems to be have been written by a Wall Street legal team. Something like "pair production" where two gamma rays form an electron and positron seems harmless enough. But combine that with an extremely large star, and all that mass compresses the stellar core such that only gamma rays are formed, the positrons are annihilated, leading to a supernova.

Maybe we need to start creating boiler plate or set of common named terms & conditions? While there would still be the usual legal jargon, at least there is a community built around understanding what the contract is trying to achieve, since it is reused in other places. Think Creative Commons, GPL and MIT licenses for example.

Maybe a checkbox system, where you specify what you want from the contract and then the legalese would be generated, but at least there would be a similar high level view to the u

So long as that arbitration clause remains valid. The rules and laws are set up to support the terms and conditions that the more powerful player requires, and the arbitrator almost always sides with the bigger, more powerful player.

Hey, Stupid, had you actually been paying enough attention to know anything about the specific subject of PayPal and arbitration clauses, you'd know that PayPal was one of very very few companies that actually allowed people to OPT OUT of the arbitration clause when they introduced it.

How do I know this? I was actually paying attention and opted out. Sorry you weren't paying attention, there's likely no do-overs for that.

Companies need MUCH less leeway to dictate rules in the first place. There should NEVER be mandatory arbitration allowed in the first place for any service rendered. One consumer is in an unacceptable situation when they need a service and every provider requires draconian rules that are non-negotiable. Congress and the states should set the rules for doing business and companies who want to do business should have to comply. If your business plan requires short circuiting the rights of every last one o

I'm banned for life by Paypal. About a year ago they suspended my account, held onto all funds for 6 months and told me they'll never accept me as a customer ever again (they track SSN and CC numbers). I've no idea why because the customer support rep never said anything except that I should take my business elsewhere. I can only guess that they rate users / merchants by risk and are heavily culling any that blip above their line (which is pretty low). I sold software through a web site for $3.99 a pop and had a few customers claim their money back via Paypal (maybe 4 out of hundreds). Only one was ever valid, but there was absolutely no way to dispute a dispute with Paypal, so I just returned the money via the button they provided on the website. Now, Paypal can do what they like because they are a business, but I recommend no one ever use them for anything ever. If you are using them, go elsewhere and never rely on them to have your back.

Don't feel bad, PayPal did the same thing to me, albeit for different reasons.

Way back in the beginning, PayPal allowed you to create an account using nothing more than a Credit Card. So, I created an account. I never kept more than ~$50 or so in it as it was just for misc purchases I would make.

One day, I get an email from PayPal informing me that evil Russian hackers had attempted to log into my account and, for my protection of course, they limited access. Fine. So I called them up and told them that since I rarely used the account, to just close it out and send me whatever funds were left within it.

Were it so easy:|

"Oh no", they said, "we can't allow you to close out the account until you provide us with the following information: "

1) Phone number2) Bank account number to my checking account

I argued that if " evil Russian Hackers " were trying to get into my account, why on Earth would I want to link this new information to it ? Just shut it down, close it out and be done with it.

They told me no.

So, I changed my password to some ungodly long phrase and let the account sit there, unused, for years.

PayPal sent me hate mail ( which I ignored ) from time to time informing me that if I didn't comply with their demands that they would close the account out. ( Which is what I wanted in the first place )

After a few years of this, they eventually did close it out and blacklisted me from using their services. ( Not that I lose a lot of sleep over that mind you. If a website only uses PayPal as their payment processor, I go find the item I want elsewhere. Simple as that. If it doesn't exist elsewhere, I just don't buy it. )

So, the way I see it is this:

Until PayPal gets regulated like the banking entity it's pretending to be, I wouldn't trust them for anything because they have shown time and time again that they are about as shady as they come.

I guess I don't understand this part. I don't keep money in my PayPal account. Never have. It is linked to a credit card, through which they can transfer charges. But I assume that funds remain 'in' PayPal for only a matter of seconds. Money going the other way (which I don't do) would require a linked bank account. Into which PayPal would immediately deposit funds due me.

PayPal is not a bank. And were they to act as one (by holding onto funds on someone's behalf) that would open up a whole can of legal an

The measure underscores "the requirement for clear and plain language when explaining consent,"

Won't help. You could put a copy of Game of Thrones novels in those end-user license agreements and people still would not read them. No one reads that stuff. It's not going to matter if it's comprehensible to the layman or not.

Obviously, we need something entirely different to fill this void. It's obviously a problem, but how do you re-train the enitre population to start reading that stuff? Tall order there. Good luck!

You may have just found a very interesting form of pirate file distribution. Can I file a patent with the entire GOT series embedded as one of the claims? Or maybe I could file a FOIA request containing the DeCSS source code? Or a public comment to an FCC proposal!

I understand that all softwares have their purpose and the owner want to control how users are interfacing with it to limit the potential for abuse, but having a multi-pages terms and condition agreement document is something that realistically no one will read.
Maybe there could be some way of summarizing the terms and condition in a format that is easier to understand at a glance? I'm pretty some parts are common, so maybe establish a kind of symbology to quickly inform the user what they are allowed to

That's just the problem. Those two requirements are mutually exclusive. You can have language that's clear (i.e. explains exactly and precisely what you're consenting to), or you can have language that's plain (simple to read and understand). Except for a few broad, general cases, you can't have both.

e.g. Consider the EULA terms for a photo sharing service. Your photos are protected by your copyright, but the service needs to be able to keep a copy.

"User (copyright holder) grants Service a license to keep a copy of copyrighted photos."

But wait, it's not enough just to keep a copy of the photo. For the photo to be shared, another copy needs to be produced on the visitor's computer.

"User (copyright holder) grants Service a license to keep a copy of copyrighted photos, and to make and distribute additional copies for the purposes of providing the service."

But wait, the service right now is a photo sharing service. What if they decide to change in the future into something more? So you can't just call it 'service', you have to define exactly what that service is.

"User (copyright holder) grants Service a license to keep a copy of copyrighted photos, and to make and distribute additional copies for the purposes of providing the service of distributing photos to other users whom User has given permission to view."

But wait, what if one of those other users decides to keep a copy of said photo? The service doesn't want to be sued for such actions since that's out of its control.

"User (copyright holder) grants Service a license to keep a copy of copyrighted photos, and to make and distribute additional copies for the purposes of providing the service of distributing photos to other users whom User has given permission to view. User understands that copies made to provide the service will be on devices outside of Service's control, and Service cannot guarantee such copies will not be retained or further distributed against User's wishes. User indemnifies Service against responsibility for copyright violations by other users, and will not sue Service for the actions of other users."

But wait, what if some of those users are employed by the service? That creates a loophole where the service could hire third parties to sell and distribute unauthorized copies, free from fear of being sued for copyright infringement.

"User (copyright holder) grants Service a license to keep a copy of copyrighted photos, and to make and distribute additional copies for the purposes of providing the service of distributing photos to other users whom User has given permission to view. User understands that copies made to provide the service will be on devices outside of Service's control, and Service cannot guarantee such copies will not be retained or further distributed against User's wishes. User indemnifies Service against responsibility for copyright violations by other users, and will not sue Service for the actions of other users, except in the case of users who are employees or agents of Service."

But wait, the service needs to keep backups of these photos in case they suffer a storage device failure. Such backups are prudent but not necessary to provide the service. And the clause you've just added makes the admin making the backups liable for copyright violation.

"User (copyright holder) grants Service a license to keep a copy of copyrighted photos, and to make and distribute additional copies for the purposes of providing the service of distributing photos to other users whom User has given permission to view. User understands that copies made to provide the service will be on devices outside of Service's control, and Service cannot guarantee such copies wil

So they could easily cut out 90% of a typical EULA? That's a good start.

Of course, a fair bit of that is already implied in law. If you give someone a copy, you have implicitly permitted them to have it. If you put it on a site whose whole reason to be is sharing pictures, you have implicitly agreed that they may present it to others. People are responsible for their own actions, so another user that misuses the picture is responsible for that.

You have the EULA as it looks now, which is CLEAR - at least in the legal sense. And then you add after each section a "Layman's version" which isn't legally clear, but summarizes what the section means, eg. "If you sign up before you're of legal age and we find out, we're going to ban you."

User agreements, terms and conditions and even staff contracts are all utter bullshit. Contracts are supposed to be negotiated by the 2 sides, none of these are negotiated in any meaningful way, they are dictated by big companies who have the upper hand and accepted by users who really have no choice in the matter because the services offered are unique or they don't have the option financially to say no.

I think a lot of the contracts that we agree to aren't really necessary. Do you really need all these special things from me, instead of me just handing over the money?

The terms should be simple. Just to be clear, I don't mean simple terms as in written to be understandable by laymen. I mean the actual give-and-take --- deviations from a normal sale -- shouldn't involve much. I can buy a loaf of bread (here's the money, gimme the bread) without a contract. Same for books (at least if they're paper rather ht

the company is within its rights because the users clicked to agree to the rules

So their justification for booting out users who legally cannot be held to agree to the T&C's is that they agreed to the T&C's.

That said, if they are refunding any money the users have in their accounts, this isn't really worth a story. If they are seizing funds from minors on the basis that they are in violation of the agreement, then that would be extra scummy.

Maybe there's a market here. Users can pay to have each contract analyzed. Your friendly cloud service will summarize the contract for you, compare it with other contracts in the same industry, and point out how your contract varies from the norm. Etc.